Security - Sun Microsystems StorEdge 3900 Series Reference And Service Manual

6.4

Security

The Sun StorEdge Remote Response service provides remote monitoring and
serviceability. Sun provides as safe an environment as possible for its Sun StorEdge
Remote Response service through the use of security software installed on the
Storage Service Processor.
Sun uses Secure SHell (SSH) software for the connection between the dial-up line
and the Storage Service Processor, which adds encryption and some authentication.
Once access to the Storage Service Processor is established using PPP and CHAP, the
OPIE authentication tool requires the user to call the SunService Center and provide
a unique login challenge.
SunService, after authenticating the caller, provides the authentication key to allow
connection to the Service Processor. Additionally, TCP/IP wrappers are included to
provide additional security of network traffic. When the user accesses the Storage
Service Processor by way of the Storage Automated Diagnostic Environment GUI,
the GUI software contains an authentication process requiring a login and password
that can be tuned for specific users to have specific capabilities. Secure Socket Layer
(SSL) encryption is employed between the Storage Service Processor and the
customer's network connection to prevent snooping. Through the Storage
Automated Diagnostic Environment, only ports 7654 (exclusively managed by this
software environment) and port 443 (SSH) are enabled; telnet(1) and ftp(1) are
disabled.
For customers who activate the Sun StorEdge Remote Response service and want to
access the Storage Service Processor through their local LAN, Sun suggests using an
additional Ethernet hub for this use. The optional Ethernet hub provides additional
firewall functionality to protect the customer LAN from unauthorized access.
Contact your SunService
service.
6-4 Sun StorEdge 3900 and 6900 Series 1.1 Reference and Service Manual • July 2002
SM provider to activate the Sun StorEdge Remote Response